To see how you are tracked by your IP address, go to https://www.cogipas.com/whats-my-ip/. The sites listed there demonstrate what is just the tip of the iceberg about the kind of hidden information that your web browsing activities reveal. Increasingly, your online digital fingerprint is being determined by other factors too. This Consumer Reports web page has a great checklist of 66 things to do to improve your online security and privacy that include many actions not covered by my site.
The Electronic Frontier Foundation (EFF) is an independent non-profit that has been working to protect people’s online privacy for nearly thirty years. The EFF Surveillance Self-Defense web page is an expert guide to protecting you and your friends from online spying.
The web site, privacytools.io, provides services, tools and knowledge to protect your privacy against global mass surveillance.
Good privacy is all about layering – no single tool exists that provides a comprehensive solution to privacy. You need to build a multi-layer complementary approach that starts with your browser. Everyone needs to be using a secure and privacy-friendly browser and Internet connection services for these important reasons:
• Browsers can be compromised in many ways.
• Browsers contain lots of private information about you.
• Companies can read, retrieve, record, monitor, and store detailed information about your computer and browsing habits.
• ISPs can track and record all unencrypted content you send and receive when connected to their network servers.
• Google, Amazon, Yahoo, etc. can all track and record all search activity performed using their search tools.
• Search requests are sent through unencrypted DNS servers that route your search to the correct web sites.
• All of this data can be used to identify and track you through browser fingerprinting.
Take the following eight steps to build a strong online perimeter to reclaim and protect your privacy:
2. Next Install Browser Add-ons
3. Switch to a Private Search Engine
4. Thwart Search Engine Tracking URLs
5. Additional Ad Blocking Steps for Hiding Your Tracks
6. Subscribe to a Virtual Private Network (VPN) Service
8. Test to Assess Your Security / Privacy
By default, most browsers will contain lots of private information unique to you, including your browser type, browsing history, usernames, passwords, geographical location, IP address, computer type, operating system and configuration, and auto-fill information (such as your name, address, etc.). All of this data can be collected, updated, stored in massive databases, and constantly analyzed to identify and track not only your online browsing activity, but also your purchase preferences, physical location, and geographic travel patterns.
Here are some great options for selecting a secure, privacy-focused browser.
Firefox – Firefox is a great browser for both privacy and security. It is highly customizable to give you the level of security and privacy you desire, while also being compatible with many browser extensions.
Waterfox – Waterfox is a fork of Firefox, with telemetry and other items stripped out to give users more privacy. It is based on Firefox 56 with ESR patches.
Tor – The Tor browser is a hardened version of Firefox that also utilizes the Tor network by default (but this can be disabled). It should be noted that Tor was created by the US military and continues to be funded by the US government today. (See the in-depth Tor guide for more details.)
Brave – Brave is based upon Chromium (the open-source version of Google Chrome) that has been modified to provide a privacy-focused browser right out of the box. By default, it will block ads and trackers, and it’s also customizable, fast, and has built-in protection against browser fingerprinting.
HTTPS Everywhere – This private and secure web browser blocks ads, trackers, fingerprinting, cryptomining, ultrasound signaling and more. It also has a free integrated VPN with servers in eight countries.
Do not use the following popular browsers if you have privacy concerns:
Google Chrome – It offers good security, but it is extremely invasive and collects all kinds of private data, which Google uses for targeted ads.
Opera – This browser technology was acquired by a Chinese company that has a troubling privacy policy regarding data collection and sharing practices. Plus, all Chinese companies’ operations and technology products are closely monitored by the Chinese government, which raises red flags concerning security and privacy compromise through spying on and monitoring of user activity.
Microsoft Internet Explorer (IE) – This browser is riddled with security and privacy holes (such as ActiveX) that are constantly being exploited and compromised by hackers, and it lacks user-configurable parameters to limit privacy tracking technology.
Microsoft Edge browser – This new browser does offer more security than IE, since it’s based on the open-source Chromium code base. However, it seriously compromises user privacy, since it uses proprietary extensions, many unclear settings, and a lot of data collection enabled by default.
Harden your browser by installing a combination of the following add-ons – these tools extend the privacy and security abilities of Firefox, Chrome, Chromium, and Opera, turning them into secure browsing platforms. Note that add-ons built to integrate with Firefox can also be added to other browsers based upon Firefox. Online ads may still be using up resources and tracking you, even if the ads are not being displayed. Choose an ad blocker carefully – some ad blockers, such as Ghostery and Adblock Plus, will collect user data for profit and/or show you “approved” ads.
HTTPS Everywhere – In spite of some infamous security issues, SSL is still extremely important for keeping your Web traffic safe from prying eyes. If you want to keep nosy packet sniffers out of your business, your Web traffic should always be going through SSL connections. Sadly, not every website supports SSL. Even worse, many websites that do support SSL still default to unencrypted connections -- and the Electronic Frontier Foundation (EFF) wants to change that. The HTTPS Everywhere browser extension, provided for free by the EFF, forces SSL connections on countless websites. Chrome, Firefox, and Opera users can all take advantage of this wonderful extension, and keep important Web traffic private and secure.
Privacy Badger – EFF's Privacy Badger add-on. Available for Chrome, Firefox, and Opera, this browser extension monitors when sites try to track your browsing habits, and automatically thwarts future tracking attempts. The list of blocked content automatically improves as you browse -- no need to manually block trackers. Better yet, you can configure this add-on to disable WebRTC tracking as well.
Decentraleyes – A web browser extension that emulates Content Delivery Networks (CDN) to improve your online privacy. It intercepts and blocks incoming traffic from third-party servers, finds supported resources locally, then substitutes and injects them into your browser environment. All of this happens automatically, so no prior configuration is required.
Cookie AutoDelete – Add a tool like Cookie AutoDelete that can easily manage and delete pervasive cookies, or set your browser to delete all cookies when exiting the browser.
NoScript – This add-on is a JavaScript blocker providing in-depth control over scripts that run on the sites you visit. JavaScript is incredibly powerful, but that useful little scripting language can be used against you. By design, it can deliver detailed information about your system to any Web server. What plug-ins do you have enabled? What size screen are you using? Those small pieces of information can add up, and make tracking your usage profile easier for advertisers and governments. Worse, unpatched JavaScript exploits could potentially be used to trick your browser into giving up even more identifying information. If you want to be truly anonymous, you're going to need to disable JavaScript. That's easier said than done, since many websites rely on JavaScript for core functionality, so you'd be effectively knee-capping your Web browser. But when you use extensions like NoScript, you can manually manage which domains have permission to run JavaScript in your browser. This way, you can whitelist only the domains and webpages that you absolutely trust.
uBlock Origin – A powerful blocker for advertisements and tracking.
uMatrix – While this may be overkill for many users, this powerful add-on gives you control over requests that may be tracking you on various websites. If you use this, you will not need uBlock Origin.
3. Switch to a Private Search Engine
It’s no secret that big search engines (Google, Yahoo, Bing) record and track everything you do related to your searches. This includes tracking the sites you visit after leaving their search page, which helps them to build unique user profiles for their advertising partners.
However, there are really great alternatives to “the usual suspects” that take user privacy seriously and do not record or track any of your search activity.
DuckDuckGo.com – This is a great privacy-friendly Google alternative that doesn’t utilize tracking or targeted ads. They also have a zero-sharing policy, but they do record search terms. DuckDuckGo utilizes the Bing search platform but strips all tracking and profiling code from your search results before returning them.
StartPage.com – StartPage gives you Google search results, but without the tracking. It was created in 2004 as "the world’s most private search engine", which doesn’t log, track or share your personal data. It has added many additional privacy features, like "Anonymous View" for further protection. Startpage.com is privately held by Startpage BV, an EU-based company, where privacy laws are amongst the most stringent in the world.
searX.me – This search engine is a very privacy-friendly and versatile metasearch engine that queries and returns search results from over 70 Internet search databases. It uses HTTPS/SSL. Its code is 100% open source and available for review by anyone. searX.me does not share users' IP addresses or search history with the search engines from which it gathers results. Tracking cookies served by the search engines are blocked, preventing user-profiling-based results modification. By default, searx queries are submitted using a protocol that prevents users' query keywords from appearing in webserver logs.
Qwant.com – A private search engine based in France. Qwant’s philosophy is based on two principles: no user tracking and no filter bubble. Qwant was launched in France in February 2013.
MetaGer.org –
Gibiru.com – Gibiru Search operates over HTTPS with 256-bit encryption through your browser and on both iPhone and Android apps. Gibiru does not set any cookies on your device. Gibiru does not keep any search logs. Gibiru does not sell your data because Gibiru does not have any data about you or your web browsing history.
Swisscows.com – They do not collect, track, or store your data. Swisscows provides complete search anonymity. They own all of their own servers and do not work with a cloud or third party. Their data center is in a secured bunker in the Swiss Alps, and they have positioned everything geographically outside of the EU and US.
searchencrypt.com – All user searches are encrypted. Search Encrypt does not track users' searches or search history. They also claim to make use of the newest and best possible security features, including Perfect Secrecy SSL, to protect users' searches and ensure that they remain private.
Yippy.com –
oscobo.com –
4. Thwart Search Engine Tracking URLs
It's no secret that Google makes money by tracking your behavior for targeted ads, and that's problematic from a privacy perspective. Using DuckDuckGo is a good alternative for some of us, but the quality of Google's results can be difficult to forgo. Thankfully, you can easily sidestep one of Google's most obnoxious behaviors: URL trackers. When you click on a URL in Google, it actually loads a redirect URL first for easier tracking. Even worse, simply copying the link from Google can give you a long, messy tracking link instead of the plain URL you really want.
Searchlinkfix for Firefox – This is a Firefox-only add-on that completely strips away the tracking string that Google attaches to each web link you click on the Google search results page. This extension prevents Google and Yandex search pages from modifying search result links when you click them. This is useful when copying links but it also helps privacy by preventing the search engines from recording your clicks.
Searchlinkfix for Chrome - This is the link for the Chrome-only add-on by the same developer as the Firefox add-on.
Searchlinkfix for Opera - This is the link for the Opera-only version of the add-on.
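The redirect wrapper described in this step can be undone mechanically. The following JavaScript is an added example, not code from the Searchlinkfix add-on or from this site; it assumes the wrapper has the form /url?q=<destination> or /url?url=<destination> on the listed Google hosts, and the sample links and the function name unwrapSearchLink are constructed for illustration.

```javascript
// Added example: recover the plain destination from a search-result redirect link.
// Assumption: the redirect wrapper is served from one of these hosts under the
// path /url, with the destination in the "q" or "url" query parameter.
// Add country-specific hosts you actually use to this set.
const REDIRECT_HOSTS = new Set(["www.google.com", "google.com"]);

// Constructed sample links (not captured from a real results page).
const SAMPLE_LINKS = [
  "https://www.google.com/url?sa=t&url=https%3A%2F%2Fexample.org%2Fdocs%3Fid%3D7&usg=AOvVaw0CONSTRUCTED",
  "/url?q=https://example.net/page&sa=U&ved=CONSTRUCTED", // relative href as found in page markup
  "https://example.org/direct",                           // already a plain link
  "https://www.google.com/url?q=%2Fsearch%3Fq%3Dmore",    // destination is not an absolute URL
];

// Returns { url, unwrapped, dropped }:
//   url       - the plain destination, or the resolved original link if nothing was unwrapped
//   unwrapped - true when a redirect wrapper was removed
//   dropped   - names of the tracking parameters that were carried by the wrapper
function unwrapSearchLink(href, pageUrl = "https://www.google.com/search") {
  let link;
  try {
    link = new URL(href, pageUrl); // resolves relative hrefs against the results page
  } catch {
    return { url: href, unwrapped: false, dropped: [] };
  }
  const unchanged = { url: link.href, unwrapped: false, dropped: [] };

  if (!REDIRECT_HOSTS.has(link.hostname) || link.pathname !== "/url") return unchanged;

  const target = link.searchParams.get("q") || link.searchParams.get("url");
  if (!target) return unchanged;

  let dest;
  try {
    dest = new URL(target); // must be absolute; relative targets are left alone
  } catch {
    return unchanged;
  }
  // Only accept ordinary web destinations; anything else stays wrapped.
  if (dest.protocol !== "http:" && dest.protocol !== "https:") return unchanged;

  const dropped = [...link.searchParams.keys()].filter((k) => k !== "q" && k !== "url");
  return { url: dest.href, unwrapped: true, dropped };
}

for (const href of SAMPLE_LINKS) {
  console.log(unwrapSearchLink(href));
}
```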
5. Additional Ad Blocking Steps for Hiding Your Tracks
To obtain and maintain maximum privacy, you need to effectively block all ads served up to your browser as you surf the Internet. Note that ad-blocking works differently on mobile devices, especially on iPhones and iPads, where there aren’t as many options. The best ad blocking setup will depend on your situation and needs. If you have numerous devices you use at home, setting up a network-wide ad blocker would be a good solution for blanket protection.
Here are a few different options to help you achieve better privacy.
Dedicated Ad blocker apps – A dedicated app will most likely do a very good job blocking ads on your device. One popular and well-regarded option is AdGuard.
VPN ad blocker – Another option is to use a VPN service that offers an ad blocking feature (VPN ad blocker), such as Perfect Privacy VPN and IPVanish VPN service.
Ad blocking on a router – Ad blocking on a router can be accomplished in various ways – from using ad blocking DNS to loading custom filter lists onto your router.
Block Location Data – Any proper browser should let you toggle on and off location data and I recommend leaving it off completely or at least until you really need to find something. At the very least, demand that websites prompt you for access before gathering the data. That said, IP-based geolocation data is incredibly trivial to acquire, so remain vigilant. This is especially relevant if your mobile phone or tablet is connected to cellular service or WiFi hotspots. If you're browsing the Internet without a proxy or a VPN, you're effectively broadcasting your IP to every server you come across, and that information can be used to determine where you are located.
6. Subscribe to a Virtual Private Network (VPN) Service
Using a VPN (virtual private network) is one of the simplest and most effective ways to protect your privacy, secure your devices, and also access blocked/censored content online. A VPN creates an encrypted tunnel between your device and the VPN server and substitutes your actual IP address with one assigned by the VPN server. The VPN server-assigned IP address becomes your IP address for the duration of the connection. This protects and masks your actual IP address from any web sites that you visit, giving you a degree of privacy and security.
As VPN services are gaining popularity, VPN providers are appearing who offer “Free!” services – beware of these providers – while some are legitimate responsible businesses (like ProtonVPN), many free VPN providers often collect and sell user data, have very few servers, offer limited bandwidth, and collect/maintain extensive logs of user activity – some are outright scams and various marketing gimmicks.
There are now many reliable, reputable VPN service providers spread throughout the world. But there are also As such, it is important to know where the provider’s business offices are located for legal jurisdiction purposes, since legal protections for digital data privacy rights vary greatly from country to country. All VPN providers offer a range of services with varying levels of privacy and security protections, so it is important to determine your privacy and security needs when selecting a VPN service provider.
The best providers are ones who openly and clearly spell out their subscriber privacy commitments, such as no logging of user activity, encryption of all records, policy on disclosing logs to law enforcement, etc.
VPNs can range in price from $2.99 per month (NordVPN) all the way up to $6.67 per month (ExpressVPN), and in some cases even more, such as with Perfect Privacy. When you purchase a VPN subscription you will be able to use the VPN on various operating systems and devices, from computers and tablets to phones and routers.
If you're serious about maintaining your anonymity, consider investing in a VPN solution like ProtonVPN, TorGuard, or Private Internet Access. While the protection isn't perfect, they will help you to disguise your activities online. Your real IP address will be hidden from the world, and your traffic will remain indecipherable to nosy ISPs or governments. Even if your country is actively on the lookout for VPN traffic, you can still benefit from so-called "stealth VPNs." TorGuard offers its stealth VPN service at no additional cost, and it will make government detection and interference much harder to accomplish. For those of you being held hostage by your government, VPNs are by far the best bet for bypassing censorship and snooping.
Note that the “best VPN” solution will differ for each person based on unique needs, service cost, bandwidth requirements, and privacy circumstances. For an in-depth overview of all the different VPN router options, see this VPN router guide.
If you are tech savvy and want a less expensive way to secure your entire home network and all devices, a router (either WiFi or hardwired) that incorporates firewall and VPN capabilities is an excellent option. A good VPN router will:
- Extend the benefits of a VPN to all your devices without installing software
- Protect you against mass surveillance and internet service provider (ISP) spying
- Secure your home network against attacks, hacking, and spying
- Unlock the entire internet, allowing you to skirt geographic restrictions, blocks, and censorship
The only reasonably priced consumer brand currently offering a large selection of VPN-enabled routers is Asus. The default Asus firmware, which is called ASUSWRT, supports OpenVPN, PPTP, and L2TP right out of the box (no flashing required). The Asus RT-AC68U is an excellent choice.
There are numerous brands offering business-grade routers that incorporate firewall, router, and VPN capability, but these can be quite costly, especially if you buy a support subscription. They are usually more complex to set up and manage. The Fortinet FortiGate E30 and WatchGuard Firebox T15 are two good options if you want this increased degree of protection.
When choosing a router, the biggest consideration is processing power (CPU). Running a VPN on a router is a very CPU-intensive task requiring the router to process lots of encrypted data. For this reason, it’s typically good to go with a router that’s at least 800 MHz or more.
Beware: choosing this solution makes you responsible for all maintenance, including applying router/VPN software security updates, setting up strong password policies, setting security intrusion alerts and reviewing the logs, etc. So while it may be lower cost than a VPN service subscription fee, it will require more of your time to keep the VPN service secure and protected.
8. Test Your Security / Privacy
It isn’t enough to install / implement the various recommendations and then forget about it. It’s also important to test and verify that the privacy and security tools you implemented are delivering the desired protections. I’ve provided some info and links below to help you conduct an extensive test of your browser privacy and security posture.
BrowserLeaks.com – This site is all about Web Browser Fingerprinting. Here you will find a gallery of web browser security testing tools that tell you precisely what personal identity data may be leaked through your browser without any permissions when you surf the Internet. This toolset will never be completely exhaustive, but this site is an invaluable asset that can help you determine whether your privacy and security precautions are really working. You should also use this tool any time you make configuration changes to your browser or computer systems. Currently, BrowserLeaks provides the ability to run and report on your browser leak exposure status for the following data:
- IP Address - The main tool, which illustrates server-side abilities to expose the user's identity. It contains basic features such as showing your IP address and HTTP request headers, as well as proxy detection in all possible XFF headers. It acquires GeoIP data about the general IP address and all proxy IPs (Country, State, City, ISP/ASN, Local Time, Latitude/Longitude) and puts all IP locations on a map. In addition, there are special features: passive TCP/IP stack OS fingerprinting, and DNS and WebRTC leak tests.
- JavaScript status - A lot of user data can be obtained using common JavaScript functionality. The DOM Window object discloses much sensitive information about the web browser: User-Agent, Architecture, OS Language, System Time, Screen Resolution. There is a listing of the NPAPI Plug-ins and Windows Explorer Components. It also implements detection and data collection through newer HTML5 APIs, such as the Battery Status API and Navigation Timing API.
- Flash Player - Describes the Flash Player Runtime properties that can be provided through the use of AS3 System Capabilities: Flash Version, Plugin Type, Operating System, Manufacturer, System Language, Web Browser Architecture, Screen Resolution, and many other properties that describe the hardware and multimedia capabilities of the system.
- Silverlight - Gets system information using the Silverlight plug-in installed in your web browser. Shows your system environment details such as: OS Version, Processor Count, System Uptime, Time Zone, Installed Fonts, System and User Culture, Region and Language OS settings, as well as part of evercookie to test Silverlight Isolated Storage Cookies.
- Java Applet - What permissions does a typical unsigned Java applet have? It can expose the extended Java Machine description, OS Detection (Name, Version, Arch, User Locale), and some file system related information, as well as CPU Cores count, amount of Dedicated Memory, JVM instance Uptime, and Network Interfaces Enumeration.
- WebGL - The Web Graphics Library Browser Report checks WebGL support in your browser, produces a WebGL fingerprint, and shows other WebGL and GPU capabilities more or less related to web browser identity. This page also contains a how-to on enabling or disabling WebGL in modern web browsers.
- WebRTC - Web Real Time Communications is used to facilitate a real-time data stream between your browser and a web server. A user’s IP address is required to help establish this path to your browser. The fundamental vulnerability with WebRTC is that your true IP address can be exposed via STUN API requests with Firefox, Chrome, Opera, Brave, Safari, and Chromium-based browsers, even when you are using a good VPN. Nefarious websites could potentially use this information to fingerprint individuals who do not want to be tracked.
- Canvas Fingerprinting - Browser fingerprinting without any user agent identifiers, only through the HTML5 Canvas element. The method is based on the fact that the same canvas code can produce different pixels on different web browsers, depending on the system on which it was executed.
- Font Fingerprinting – This tracking method is based upon the composite unique characteristics of all fonts you have installed and how your browser renders these fonts. By measuring the dimensions of HTML elements filled with text, it is possible to build an identifier that can be used to track the same browser over time. A unique font fingerprint is one of the easiest ways to track a user and is difficult to effectively defend against.
- Content Filters - A set of demos that try to detect the use of content filters, which are applications that operate between the browser and the web page and are designed to manipulate the connection and content of visited web pages. Among them are Tor Browser, Privoxy, and Adblock detectors.
- Geolocation API - A tool for testing the HTML5 Geolocation API. It checks the browser's permissions for geolocation and, based on the latitude, longitude and accuracy received from the browser, shows the possible radius of your location on an interactive map.
- Browser Features Detection - Web browser feature detection via Modernizr, a library that detects HTML5 features. It once again shows how powerfully modern JavaScript affects a web browser's identity. This tool is also used by web developers (as "Modernizr Helper") for quickly testing web browsers’ compatibility with HTML5 features.
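For the WebRTC item above, the check a leak-test page performs comes down to looking at the addresses inside the ICE candidates your browser produces. The following JavaScript is an added example, not code from BrowserLeaks; the candidate lines are constructed from documentation and private address ranges, and the VPN exit address and the function names are assumptions.

```javascript
// Added example: classify WebRTC ICE candidates by what they reveal about you.
// Constructed sample data (documentation and private address ranges only).
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 2122194687 3f2a9c1e-7b44-4d0a-9a55-0c1d2e3f4a5b.local 54322 typ host",
  "candidate:3 1 udp 1686052607 203.0.113.45 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "candidate:4 1 udp 1686052351 198.51.100.7 40000 typ srflx raddr 10.8.0.2 rport 40000",
];

// Parse one candidate line. Field order: foundation, component, transport,
// priority, address, port, "typ", type. Extension fields such as raddr/rport
// are ignored here.
function parseCandidate(line) {
  const parts = line.trim().replace(/^a=/, "").split(/\s+/);
  if (parts.length < 8 || !parts[0].startsWith("candidate:") || parts[6] !== "typ") {
    return null;
  }
  return {
    transport: parts[2].toLowerCase(),
    address: parts[4],
    port: Number(parts[5]),
    type: parts[7], // host, srflx (learned via STUN), prflx or relay
  };
}

function isPrivateV4(addr) {
  const m = addr.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) || (a === 169 && b === 254);
}

// "mdns"    - browser replaced the local IP with a random .local name
// "private" - LAN, loopback or link-local address (IPv4 or IPv6 fc00::/7, fe80::/10)
// "public"  - routable address, i.e. something a website can geolocate
function addressScope(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith(".local")) return "mdns";
  if (isPrivateV4(a)) return "private";
  if (a.includes(":") && /^(f[cd]|fe[89ab])/.test(a)) return "private";
  return "public";
}

// Sort every candidate address into one bucket. vpnExitIp is the address
// your VPN is supposed to present (the one an IP-check page shows).
function auditCandidates(lines, vpnExitIp) {
  const report = { leaked: [], local: [], masked: [], expected: [], unparsed: [] };
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) { report.unparsed.push(line); continue; }
    const scope = addressScope(c.address);
    if (scope === "mdns") report.masked.push(c.address);
    else if (scope === "private") report.local.push(c.address);
    else if (c.address === vpnExitIp) report.expected.push(c.address);
    else report.leaked.push(c.address); // public address that is not the VPN exit
  }
  return report;
}

console.log(auditCandidates(SAMPLE_CANDIDATES, "198.51.100.7"));
```

In a browser, the candidate strings come from the icecandidate event of an RTCPeerConnection (event.candidate.candidate); any address that lands in leaked is visible to the page despite the VPN.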
DNS Leak Testing – Even if you use a privacy service like a VPN, it's still possible to give away clues to your identity via your DNS traffic. Thankfully, it's easy to detect if your configuration is leaking your DNS information. Simply head over to DNSLeakTest.com, and run the extended test. If the results show the third-party DNS service you're using (like TorGuard), you're set. If your ISP's DNS info shows up, you have a DNS leak. Follow the steps listed on the "How to fix a DNS leak" page, and then test yourself again to make sure everything is working as intended.
Tenta.com/test - This site provides the ability to run a subset of tests that check for the most common set of browser leaks and provides the results in one consolidated online report. This report is a bit easier to understand.
Who’s Tracking You – Use the decentraleyes.org/test testing utility to find out if you are properly protected against online tracking by 3rd-party content delivery networks (CDNs).
Panopticlick - This site, provided by the EFF (Electronic Frontier Foundation), tests how well you are protected against non-consensual Web tracking. This tool analyzes and reports on the following five browser vulnerabilities:
1. Is your browser blocking tracking ads?
2. Is your browser blocking invisible trackers?
3. Does your blocker stop trackers that are included in the so-called “acceptable ads” whitelist?
4. Does your browser protect from fingerprinting?
5. Does your browser unblock 3rd parties that promise to honor Do Not Track?
9. Additional References and Resources
Follow this link to my web page containing links to other great resources and reference sites that I use to keep current with the developments in online privacy and security.